389-ds-base-1.3.8.4-25.1.el7
Errata ID: AXSA:2019-3946:02
Release date:
2019/08/05 Monday - 07:57
Title:
389-ds-base-1.3.8.4-25.1.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- 389-ds-base does not apply the 'ioblocktimeout' timeout to encrypted
connections, so an unauthenticated attacker can cause a denial of service
by repeatedly issuing LDAP requests that hang. (CVE-2019-3883)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update packages.
CVE:
CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. Each socket will be waited on by the worker for at most 'ioblocktimeout' seconds. However, this timeout applies only to un-encrypted requests. Connections using SSL/TLS do not take this timeout into account during reads, and may hang longer. An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.
Additional information:
N/A
Downloads:
SRPMS
- 389-ds-base-1.3.8.4-25.1.el7.src.rpm
MD5: b1c789bd981e254a622703f910207959
SHA-256: d9f86ec1ccce880e6f6c4c330e383ad3bf89285797bba6cbe1d37c6ae0e694a0
Size: 3.64 MB
Asianux Server 7 for x86_64
- 389-ds-base-1.3.8.4-25.1.el7.x86_64.rpm
MD5: 67322f542fd781cc9a98746b45d680af
SHA-256: 1dfb5899c186afc7556c2738240e271da21010ada928fd6838a1dc6d548ddf9a
Size: 1.72 MB
- 389-ds-base-libs-1.3.8.4-25.1.el7.x86_64.rpm
MD5: c6e4df3d13dbd5778c149825b5b3c262
SHA-256: 9f5829d2b26254a5b5ece9a4da24f0bc9cd00c65a43e42f27eea08da456427ea
Size: 699.35 kB